Hackers step up attempts to hijack DeFi websites


Hackers are increasingly targeting front-end websites of DeFi protocols in an attempt to steal user funds.

Convex Finance, a protocol offering increased rewards to liquidity providers and Curve stakers, is urging users to be diligent in verifying addresses for contract approvals after its website was hacked on Thursday.

Impersonation attack

Convex is the sixth-largest DeFi protocol with a total value locked (TVL) of $3 billion, despite a 6% drop in TVL in the past 24 hours, according to DeFi Llama.

On June 23, angel investor Alexintosh tweeted that Convex Finance was asking users to approve an unverified smart contract address, suggesting that a hacker may have infiltrated the Convex Finance website to execute a DNS (Domain Name System) spoofing attack.

Domain name servers allow users to access websites through simple text-based web addresses instead of typing in the exact IP address of each website they wish to visit, making it easier to use the Internet.

Convex Finance later confirmed that its DNS had indeed been hacked, causing some users to mistakenly approve malicious contracts. As a precaution, Convex launched two alternative domain names from which users can access the protocol while the DNS hijacking investigation is ongoing.

The Convex team asked the owners of the wallets that had been impersonated to get in touch via Twitter DM or its Discord channel. It also emphasized that user funds held in its verified smart contract remain safe and unaffected.

Safety Precaution

Twitter user Bret Woods has urged Web3 users to carefully verify the addresses involved in every crypto transaction they make to be on the safe side. “Even on trusted sites, we see user interfaces being hacked, leading to erroneous token approvals,” they said.
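The address check urged above can be applied to the raw transaction data before signing. The following is an added example, not part of the original article or any wallet's code: it decodes an ERC-20 `approve(address,uint256)` call and compares the spender against a user-maintained list of verified contracts. The function names, the verified list and all addresses are assumptions constructed for illustration.

```python
# Added example: inspect ERC-20 approve() calldata before signing.
# All addresses are constructed placeholders, not real contracts.
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1

# Assumption: this list is filled from the protocol's documentation or a
# block explorer, never from the website that built the transaction.
VERIFIED_SPENDERS = {"0x" + "11" * 20}


def decode_approval(calldata):
    """Return (spender, amount) if calldata is an approve() call, else None."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    if not data.startswith(APPROVE_SELECTOR):
        return None
    # selector (8 hex chars) + two 32-byte ABI words (64 hex chars each)
    if len(data) != 136:
        raise ValueError("malformed approve() calldata")
    spender_word, amount_word = data[8:72], data[72:]
    if spender_word[:24] != "0" * 24:
        raise ValueError("address word is not left-padded with zeros")
    int(spender_word, 16)  # raises ValueError on non-hex input
    return "0x" + spender_word[24:], int(amount_word, 16)


def review_transaction(calldata, verified=VERIFIED_SPENDERS):
    """Classify a pending transaction: 'not-approval', 'reject', 'warn' or 'ok'."""
    decoded = decode_approval(calldata)
    if decoded is None:
        return "not-approval"
    spender, amount = decoded
    if spender not in {a.lower() for a in verified}:
        return "reject"  # spender is not on the verified list
    if amount == MAX_UINT256:
        return "warn"    # unlimited allowance, even to a verified spender
    return "ok"


def build_approve(spender, amount):
    """Build constructed sample calldata for the checks below."""
    return "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + format(amount, "064x")


if __name__ == "__main__":
    for spender, amount in [("0x" + "11" * 20, 1000),
                            ("0x" + "22" * 20, MAX_UINT256)]:
        print(spender, review_transaction(build_approve(spender, amount)))
```

This covers only the plain `approve` call; other approval-style functions would need their own selectors and decoding.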

Meme token DogeBonk tweeted that Convex should have used Domain Name System Security Extensions (DNSSEC) to add cryptographic authentication and defend against spoofing attacks.

The price of Convex’s native CVX token appears unaffected by the incident, having gained 2.5% in one day to trade at $4.60, according to CoinGecko.

Hijack attack

Convex is not the first DeFi project to suffer a DNS hijacking attack.

In March 2021, both Cream Finance and PancakeSwap reported that DNS spoofers had compromised their websites. The attack led the front-end websites of both protocols to ask users to enter their seed phrase. If entered, the phrase would allow the attacker to take control of users’ wallets and drain their funds.

In December, BadgerDAO users lost an estimated $130 million in a front-end attack when its API key for Cloudflare, a website security service, was compromised. The attacker injected a malicious script into the Badger front end, intercepting transactions and asking users to approve contracts under the attacker’s control.

